In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
>> CATEGORY: exploit
WUZHICMS version 2.0 suffers from a cross-site scripting vulnerability.
MensaMax version 4.3 uses unencrypted transmission and a hardcoded encryption key.
It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue…
It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting…
The Debian/Ubuntu AppArmor policy for evince is bypassable.
H2 Database version 1.4.196 suffers from a remote code execution vulnerability.
Hotel Booking Engine version 1.0 suffers from a remote SQL injection vulnerability.
Education Website version 1.0 suffers from a remote SQL injection vulnerability.
Singleleg MLM Software version 1.0 suffers from a remote SQL injection vulnerability.